Hi there. I have another question. I'm trying to set up access to my obsd 4.3 box from outside of my router. The ISP I'm with provided me with a Siemens something-or-other 6520 router. I have my obsd box set with an internal ip addy. The router supports dyndns. I have an active account with dyndns. I'm using another computer to ssh into my bsd box internally, and that works fine. But if I try to putty my dyndns url, it doesn't work. If I open a browser from my laptop and use that url it brings me to the router web-interface (config page). I have set the router to forward port 22 to my bsd box's ip, but it doesn't seem to work. Not sure if I set up everything correctly or if the router is just a piece of crap. Don't have the $$$ to buy a new router; not really worried about this, but wouldn't mind being able to ssh to my box from work (when I'm bored and assuming IS doesn't mind). Any thoughts? There aren't too many other options I can play with on the router...

If you do a reverse IP lookup on your dynamic IP, you'll probably see that you have a DNS string. For most, but not all ISPs, this DNS string is invariant and, more importantly, will always resolve to your then assigned IP address.

The problem here is that you have a dynamic IP, really. Your dyndns.org name is not resolving properly for some reason. Dynamic IPs are designed to thwart this sort of thing. dyndns is a kludge to get around it.

If your ISP offers static IPs, it will make your life a lot easier. Then you will have a fixed IP that you can either SSH to by IP, or you can set up your own name server (I use bind9) and purchase a domain name so that you can attach names to your own machines.

My ISP provides two static IPs at no charge. Additional static IPs up to four total are $9.95 per month. One static IP will probably do the trick because you can ssh into one box on your lan, and then ssh to other machines from there, or do port forwarding tricks to use the same IP but different ports for each machine. (This only matters if you intend to have more than one machine accessible to the world.)

Work has that port blocked. ISP does not offer static IPs (not for residential use at least). Not that *important*, just that if the ability was there I'd take advantage. It's not, so case closed. Thanks for all the help though!

jwhal

Well, actually, not "case closed" necessarily. SSH runs on port 22 as a matter of standard, but your implementation doesn't have to. You can set ssh to respond on any port you like. Of course, in your case you'd have to confine it to those ports your workplace allows outbound traffic on... and that their sensors and admins wouldn't see as suspicious. Then don't forget to configure your router to do a redirect on the new port you are choosing for SSH traffic.

The other thing is that you mentioned that you don't get a proper redirect from your laptop on your LAN to the port 22 of your OBSD box... being that you are on the LAN side of your router, this may not be surprising. It may just be the case that your router does those redirects for inbound packets hitting its WAN interface, and not redirecting for packets incoming on the LAN interface (because philosophically speaking, why would it need to? It seems useless to do a redirect on the router from one LAN host to another LAN host.)

A way to try this is to redirect port 80 in your router to your OBSD box. Then fire up httpd (you don't need a config, it should just come up with the default page.) Then go to a proxy service (a reputable one) like Megaproxy.com (and "try their service for free".) Put in the dyndns url address... and you should see the standard welcome page for Apache on OBSD. If not, then yes, you have something screwed up in your router config, but I doubt it's the case that your router is crappy (well, it's crappy but not that crappy lol.)

Good luck.

__________________
Network Firefighter

Last edited by ai-danno; 21st May 2008 at 01:04 AM.
Reason: when I get excited about an answer my grammar goes to crap lol
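
Added example, not part of any post in this thread: if sshd is moved off port 22 as suggested above, the router's forward has to point at the port sshd actually listens on. This sketch reads the global Port directives from an sshd_config-style file and checks a forward's destination port against them; the sample config, the port 2222 and the function names are constructed for illustration.

```shell
#!/bin/sh
# sshd_ports FILE: print each port set by a global "Port" directive in an
# sshd_config-style FILE, or 22 when none is set (sshd's default).
# ListenAddress host:port overrides are not evaluated here.
sshd_ports() {
    awk '
        { sub(/=/, " ") }                 # accept "Port=2222" as well as "Port 2222"
        /^[ \t]*#/ { next }               # commented-out directives do not count
        tolower($1) == "match" { exit }   # global section ends at the first Match block
        tolower($1) == "port" && $2 ~ /^[0-9]+$/ { print $2; found = 1 }
        END { if (!found) print 22 }
    ' "$1"
}

# forward_matches DEST_PORT FILE: succeed if the router forward's destination
# port is one of the ports sshd is configured to listen on.
forward_matches() {
    sshd_ports "$2" | grep -qxF -- "$1"
}

# Constructed sample config: the default port is commented out, 2222 is set.
conf=$(mktemp)
cat > "$conf" <<'EOF'
#Port 22
Port 2222
PermitRootLogin no
EOF

for dest in 22 2222; do
    if forward_matches "$dest" "$conf"; then
        echo "forward to port $dest: sshd is configured to listen there"
    else
        echo "forward to port $dest: no matching Port directive, connection will fail"
    fi
done
rm -f "$conf"
```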

The problem is he will never be able to test this from inside his LAN. If you notice, he says he hasn't tested it from the outside, and I think it will work just fine. The reason he gets his router page from the inside is because the router won't route traffic out and then back in by default. From inside the LAN, he would have to put entries in the hosts file of his client machine to get to the server through DNS. Even then, he would need to get outside his network to really test this. If his URL is pointing to his router, and port 22 is forwarded back to his server, and port 22 is reachable from the outside (as confirmed by canyouseeme), then he should be able to reach the box from the OUTSIDE of his network using the DNS name but NOT from the inside unless he puts an entry into his hosts file for the server's IP address. He would still be able to access it from the inside with the internal IP though.